As long as Fortnite: Battle Royale keeps raking in the dough, there will be people looking for ways to exploit the gullible, greedy, and stupid. Check Point Research discovered a new way for this to happen, using some of Epic Games’ sub-domains. The result: a security threat that had the potential to expose the user information for all 200 million Fortnite players.
As the video from Check Point Research below summarizes, all you had to do was click on a link promising you free V-Bucks — which you should never, ever do — and that would allow the attacker to collect your login credentials, even without you providing them manually. This allowed the attacker to log into the victim’s account and use their credit card or listen in on voice communications.
Check Point Research has notified Epic of the vulnerability, which has since been addressed. You can read the full technical discussion on the methodology on the CPR site. And again: Don’t fall for any “free V-Bucks!” scam, OK?